RFR: 8311596: Add separate system properties for TLS server and client for maximum chain length [v4]
Hai-May Chao
hchao at openjdk.org
Mon Oct 16 23:01:28 UTC 2023
On Mon, 16 Oct 2023 13:31:46 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> That's not my understanding. Since `jdk.tls.maxClientCertificateChainLength` is explicitly set on the command line you should honor it.
>
> Yes, I agree that if the application sets `jdk.tls.maxClientCertificateChainLength` or `jdk.tls.maxServerCertificateChainLength`, it should always take precedence even if the specified value is the same as the default.
>
> You will need to first see if these properties are set before assigning the default value.
Fixed.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15163#discussion_r1361340286
More information about the security-dev
mailing list